[z_archive/KronOS.git] / core / login.php

<?php
define('WEBOS', TRUE);
require_once('common.php');

if (empty($_POST['user']) || empty($_POST['pass'])) {
	make_error('Username or password empty.', 1);
}
$sth = $db->prepare('SELECT uid, displayname FROM users WHERE username = ? AND password = ?');
$sth->bind_param('ss', $_POST['user'], sha1(PWSALT.$_POST['pass']));
$sth->execute();
$sth->bind_result($uid, $dispname);
if (!$sth->fetch()) { // no row returned
	make_error('Username or password incorrect.', 2);
}

// row returned, user/pw good
$sth->close();
$sth = $db->prepare('INSERT INTO sessions(sid, uid, started, last, active) VALUES (NULL, ?, NOW(), NOW(), 1)');
$sth->bind_param('i', $uid);
$sth->execute();
$sid = $sth->insert_id;

make_reply('Logged in!', array('uid' => $uid, 'sid' => $sid, 'name' => $dispname));
Commit	Line	Data
9efefde7	1	<?php
2d183941 JR	2	define('WEBOS', TRUE);
2d183941 JR	3	require_once('common.php');
9efefde7 JR	4
9efefde7 JR	5	if (empty($_POST['user']) \|\| empty($_POST['pass'])) {
2d183941	6	make_error('Username or password empty.', 1);
9efefde7	7	}
2d183941	8	$sth = $db->prepare('SELECT uid, displayname FROM users WHERE username = ? AND password = ?');
9efefde7 JR	9	$sth->bind_param('ss', $_POST['user'], sha1(PWSALT.$_POST['pass']));
9efefde7 JR	10	$sth->execute();
2d183941	11	$sth->bind_result($uid, $dispname);
9efefde7	12	if (!$sth->fetch()) { // no row returned
2d183941	13	make_error('Username or password incorrect.', 2);
9efefde7 JR	14	}
	15
	16	// row returned, user/pw good
	17	$sth->close();
	18	$sth = $db->prepare('INSERT INTO sessions(sid, uid, started, last, active) VALUES (NULL, ?, NOW(), NOW(), 1)');
	19	$sth->bind_param('i', $uid);
	20	$sth->execute();
	21	$sid = $sth->insert_id;
	22
2d183941	23	make_reply('Logged in!', array('uid' => $uid, 'sid' => $sid, 'name' => $dispname));